From b685b77d3abb5978b64c2b478947700972577d04 Mon Sep 17 00:00:00 2001
From: To-om <toom@thehive-project.org>
Date: Fri, 9 Apr 2021 12:06:48 +0200
Subject: [PATCH] #1946 Add limited count query

---
 ScalliGraph                                                | 2 +-
 .../cortex/controllers/v0/CortexQueryExecutor.scala        | 7 ++++++-
 .../thp/thehive/controllers/v0/TheHiveQueryExecutor.scala  | 5 +++++
 .../thp/thehive/controllers/v1/TheHiveQueryExecutor.scala  | 5 +++++
 thehive/conf/reference.conf                                | 2 ++
 .../test/org/thp/thehive/controllers/v0/QueryTest.scala    | 7 ++++---
 6 files changed, 23 insertions(+), 5 deletions(-)

diff --git a/ScalliGraph b/ScalliGraph
index 268150cf26..0fa2e37c38 160000
--- a/ScalliGraph
+++ b/ScalliGraph
@@ -1 +1 @@
-Subproject commit 268150cf261cd14f025f2c1dfc35caae38f02802
+Subproject commit 0fa2e37c388a599d918b7eda4711418e6c8640d3
diff --git a/cortex/connector/src/main/scala/org/thp/thehive/connector/cortex/controllers/v0/CortexQueryExecutor.scala b/cortex/connector/src/main/scala/org/thp/thehive/connector/cortex/controllers/v0/CortexQueryExecutor.scala
index 96e8390af9..87318660a9 100644
--- a/cortex/connector/src/main/scala/org/thp/thehive/connector/cortex/controllers/v0/CortexQueryExecutor.scala
+++ b/cortex/connector/src/main/scala/org/thp/thehive/connector/cortex/controllers/v0/CortexQueryExecutor.scala
@@ -5,6 +5,7 @@ import org.thp.scalligraph.auth.AuthContext
 import org.thp.scalligraph.controllers.FieldsParser
 import org.thp.scalligraph.models._
 import org.thp.scalligraph.query._
+import org.thp.scalligraph.services.config.{ApplicationConfig, ConfigItem}
 import org.thp.scalligraph.traversal.Traversal
 import org.thp.scalligraph.traversal.TraversalOps._
 import org.thp.scalligraph.{BadRequestError, EntityIdOrName}
@@ -18,7 +19,8 @@ import javax.inject.{Inject, Singleton}
 import scala.reflect.runtime.{universe => ru}
 
 @Singleton
-class CortexQueryExecutor @Inject() (implicit
+class CortexQueryExecutor @Inject() (
+    appConfig: ApplicationConfig,
     override val db: Database,
     job: PublicJob,
     report: PublicAnalyzerTemplate,
@@ -27,6 +29,9 @@ class CortexQueryExecutor @Inject() (implicit
 ) extends QueryExecutor {
   lazy val controllers: List[PublicData] = action :: report :: job :: analyzerTemplate :: Nil
 
+  val limitedCountThresholdConfig: ConfigItem[Long, Long] = appConfig.item[Long]("query.limitedCountThreshold", "Maximum number returned by a count")
+  override val limitedCountThreshold: Long                = limitedCountThresholdConfig.get
+
   override lazy val publicProperties: PublicProperties = controllers.map(_.publicProperties).reduce(_ ++ _)
 
   override lazy val queries: Seq[ParamQuery[_]] =
diff --git a/thehive/app/org/thp/thehive/controllers/v0/TheHiveQueryExecutor.scala b/thehive/app/org/thp/thehive/controllers/v0/TheHiveQueryExecutor.scala
index a4f81dbb79..5db1c5c90e 100644
--- a/thehive/app/org/thp/thehive/controllers/v0/TheHiveQueryExecutor.scala
+++ b/thehive/app/org/thp/thehive/controllers/v0/TheHiveQueryExecutor.scala
@@ -5,6 +5,7 @@ import org.thp.scalligraph.auth.AuthContext
 import org.thp.scalligraph.controllers.{FObject, Field, FieldsParser}
 import org.thp.scalligraph.models._
 import org.thp.scalligraph.query._
+import org.thp.scalligraph.services.config.{ApplicationConfig, ConfigItem}
 import org.thp.scalligraph.traversal.Traversal
 import org.thp.scalligraph.traversal.TraversalOps._
 import org.thp.scalligraph.utils.RichType
@@ -37,6 +38,7 @@ object OutputParam {
 @Singleton
 class TheHiveQueryExecutor @Inject() (
     override val db: Database,
+    appConfig: ApplicationConfig,
     alert: PublicAlert,
     audit: PublicAudit,
     `case`: PublicCase,
@@ -57,6 +59,9 @@ class TheHiveQueryExecutor @Inject() (
   lazy val publicDatas: Seq[PublicData] =
     Seq(alert, audit, `case`, caseTemplate, customField, dashboard, log, observable, observableType, organisation, page, profile, tag, task, user)
 
+  val limitedCountThresholdConfig: ConfigItem[Long, Long] = appConfig.item[Long]("query.limitedCountThreshold", "Maximum number returned by a count")
+  override val limitedCountThreshold: Long                = limitedCountThresholdConfig.get
+
   def metaProperties: PublicProperties =
     PublicPropertyListBuilder
       .forType[Product](_ => true)
diff --git a/thehive/app/org/thp/thehive/controllers/v1/TheHiveQueryExecutor.scala b/thehive/app/org/thp/thehive/controllers/v1/TheHiveQueryExecutor.scala
index b11fcace4a..f6c0567967 100644
--- a/thehive/app/org/thp/thehive/controllers/v1/TheHiveQueryExecutor.scala
+++ b/thehive/app/org/thp/thehive/controllers/v1/TheHiveQueryExecutor.scala
@@ -3,6 +3,7 @@ package org.thp.thehive.controllers.v1
 import org.thp.scalligraph.controllers.{FObject, FieldsParser}
 import org.thp.scalligraph.models.Database
 import org.thp.scalligraph.query._
+import org.thp.scalligraph.services.config.{ApplicationConfig, ConfigItem}
 
 import javax.inject.{Inject, Singleton}
 
@@ -21,6 +22,7 @@ object OutputParam {
 
 @Singleton
 class TheHiveQueryExecutor @Inject() (
+    appConfig: ApplicationConfig,
     alertCtrl: AlertCtrl,
     auditCtrl: AuditCtrl,
     caseCtrl: CaseCtrl,
@@ -66,6 +68,9 @@ class TheHiveQueryExecutor @Inject() (
       taxonomyCtrl
     )
 
+  val limitedCountThresholdConfig: ConfigItem[Long, Long] = appConfig.item[Long]("query.limitedCountThreshold", "Maximum number returned by a count")
+  override val limitedCountThreshold: Long                = limitedCountThresholdConfig.get
+
   override val version: (Int, Int) = 1 -> 1
 
   override lazy val publicProperties: PublicProperties = controllers.foldLeft(properties.metaProperties)(_ ++ _.publicProperties)
diff --git a/thehive/conf/reference.conf b/thehive/conf/reference.conf
index fd90ce7b82..0bcf7561f6 100644
--- a/thehive/conf/reference.conf
+++ b/thehive/conf/reference.conf
@@ -12,6 +12,8 @@ db {
   initialisationTimeout: 1 hour
 }
 
+query.limitedCountThreshold: 1000
+
 storage {
   provider: localfs
   localfs.directory: /opt/thp/thehive/files
diff --git a/thehive/test/org/thp/thehive/controllers/v0/QueryTest.scala b/thehive/test/org/thp/thehive/controllers/v0/QueryTest.scala
index ab415bebd3..14cbcca708 100644
--- a/thehive/test/org/thp/thehive/controllers/v0/QueryTest.scala
+++ b/thehive/test/org/thp/thehive/controllers/v0/QueryTest.scala
@@ -13,8 +13,9 @@ class QueryTest extends PlaySpecification with Mockito {
   val publicTask = new PublicTask(mock[TaskSrv], mock[OrganisationSrv], mock[UserSrv])
 
   val queryExecutor: QueryExecutor = new QueryExecutor {
-    override val db: Database        = mock[Database]
-    override val version: (Int, Int) = 0 -> 0
+    override val limitedCountThreshold: Long = 1000
+    override val db: Database                = mock[Database]
+    override val version: (Int, Int)         = 0 -> 0
     override lazy val queries: Seq[ParamQuery[_]] =
       publicTask.initialQuery +: publicTask.getQuery +: publicTask.outputQuery +: publicTask.outputQuery +: publicTask.extraQueries
     override lazy val publicProperties: PublicProperties = publicTask.publicProperties
@@ -56,7 +57,7 @@ class QueryTest extends PlaySpecification with Mockito {
 
       val queryOrError = taskCtrl.statsParser(Field(input))
       queryOrError.isGood must beTrue.updateMessage(s => s"$s\n$queryOrError")
-      queryOrError.get must not be empty
+      queryOrError.get    must not be empty
     }
   }
 }